1. Forum
  2. FidoNet
  3. CONSPRCY

  • Verizon security flaw cou

    From Mike Powell@1:2320/105 to All on Thursday, April 03, 2025 10:16:00
    Verizon security flaw could allow hackers to view entire call history

    Date:
    Thu, 03 Apr 2025 13:22:00 +0000

    Description:
    Verizon fixed the flaw in March 2025, but users should still be on their
    guard.

    FULL STORY

    A bug in a Verizon API allowed malicious actors to view other peoples
    incoming call logs until it was fixed.

    Cybersecurity researcher Evan Connelly found the bug in Call Filter, a free
    app Verizon ships with all iOS and Android devices sold directly through the telco to help users block spam calls, identify unknown numbers, and avoid robocalls.

    Given Verizons large subscriber base, the app likely has millions of users,
    as it offers features like spam detection, caller ID, personal block lists,
    and automatic blocking of high-risk calls. Call Filter also has a premium version which adds spam lookup, custom controls, and caller ID for unknown numbers.

    Targeting journalists

    As Connelly explained, the app connects to an API endpoint where it retrieves the logged-in users incoming call history, and then displays it in the app. However, due to a misconfiguration in the API, the users phone number is not verified, meaning that any user could request the data for anyone else.

    Connelly tested the iOS version, but claims the problem is platform-agnostic, since the bug resides in the API, instead of the app itself.

    Seeing someones call log might not seem like much at first, but Connelly
    warns that it could be a powerful surveillance tool, especially against high-profile targets such as journalists, government opponents, dissidents,
    and similar.

    "Call metadata might seem harmless, but in the wrong hands, it becomes a powerful surveillance tool. With unrestricted access to another user's call history, an attacker could reconstruct daily routines, identify frequent contacts, and infer personal relationships," Connelly said.

    Verizon addressed the flaw sometime in March 2025, but we dont know for how long this information was exposed, so users should still take extra care.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/verizon-security-flaw-could-allow-hacke rs-to-view-entire-call-history

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)